Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2017-08-16 14:13:01.0

How do I setup an Entrust SSL certificate on Kerio Mail Server?

Article Number: 43311

User-added image
User-added image For Kerio MailServer

Before you Begin

Testing for this guide was performed on a MAC OS X Tiger Server.
Please note: Kerio MailServer does not support server-side intermediate certificates. Entrust does NOT use intermediate certificates for standard or advantage type certificates.

This process is in three parts:
1) Keypair and CSR generation
2) Server Certificate Installation
3) Enabling SSL

Part 1 of 3: Keypair and CSR generation

1. From the Administration Console, locate the Configuration/SSL Certificates dialog.
Select New -> Certificate Request.

2. Supply all information. Note: The 'Hostname' (external DNS of the site) MUST resolve to the IP address of your Kerio MailServer in order for the certificate to work.

3. View the request file by selecting the request, and Show -> request. The request information will appear in a separate window.

Part 2 of 3: Server Certificate Installation

Once you have received the certificate in X.509 base-64 encoded format, this exact information must be saved as *.crt to some location on the local hard drive.

1. Locate the /sslcert directory.
 OSX: /usr/local/kerio/mailserver
 Windows: C:/program files/kerio/mailserver
 Red Hat: /opt/kerio/mailserver

2. Locate the *.csr file. This is the request file, it should be named something like server1.csr.

3. Copy the signed certificate into this directory using the same name as the request file, but with the .crt extension. For example server1.crt.

At this point, you should have three files: the request (*.csr), the private key (*.key), and the certificate (*.crt). All files should have the same name, for example server1.csr, server1.key and server1.crt.

Part 3 of 3: Enabling SSL

1. Restart Kerio MailServer and reconnect to the administration console.

2. In Configuration/SSL Certificates, select the new certificate and choose the 'set as active' button in the bottom right corner.

3. Restart the Kerio MailServer service to activate the new signed certificate.

Disaster Recovery

Once you have completed this procedure, create a backup copy of the sslcert directory and save it to external media.  If you loose the private key, it will be necessary to generate a new request and repeat this process.

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance: 

Hours of Operation: 
Sunday 8:00 PM ET to Friday 8:00 PM ET 
North America (toll free): 1-866-267-9297 
Outside North America: 1-613-270-2680 (or see the list below) 
NOTE: Smart Phone users may use the 1-800 numbers shown in the table below.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call. 

CountryNumber
Australia0011 - 800-3687-7863
1-800-767-513
Austria00 - 800-3687-7863
Belgium00 - 800-3687-7863
Denmark00 - 800-3687-7863
Finland990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France00 - 800-3687-7863
Germany00 - 800-3687-7863
Hong Kong001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland00 - 800-3687-7863
Israel014 - 800-3687-7863
Italy00 - 800-3687-7863
Japan001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia00 - 800-3687-7863
Netherlands00 - 800-3687-7863
New Zealand00 - 800-3687-7863
0800-4413101
Norway00 - 800-3687-7863
Singapore001 - 800-3687-7863
Spain00 - 800-3687-7863
Sweden00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland00 - 800-3687-7863
Taiwan00 - 800-3687-7863
United Kingdom00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088

TN6974

Affected Products:

  • Entrust Certificate Services 1 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 1 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 2 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services 2 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Cert Admin Advantage Server Certificate 1 Year Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Cert Admin Advantage Server Certificate 2 Year Version Not Applicable Language Not Applicable Platform Not Applicable